Job Description

Job Description
You Lead the Way. Weve Got Your Back.

At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether were supporting our customers financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining whats possible - and were proud to back each other every step of the way. When you join TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.

Director Third-Party Security Assessments and Inspections.

Its more than protecting systems and data.

Its protecting people.

This is a B40 role.

American Express IT Risk and Information Security organization is hiring a Director of Third-Party Security Assessments and Inspections, reporting directly to the Vice President, IT Risk Management and Services. The position will lead a team of subject matter experts responsible for performing in depth information technology and information security reviews for critical Third Parties of American Express.

In partnership with Information Security, Third-Party Lifecycle Management, the Third-Party Security Assessments and Inspections team is responsible for managing, assessing, inspecting, monitoring, and reporting on critical Third-Party security risks. The role will require active engagement across owning business units and operational risk teams. Success in this role will ensure deliverables and milestones satisfy defined objectives and expectations of stakeholders, including the CISO and CIO, along with internal and external stakeholders.

You wont just see the problem; youll drive the solution.

New threats to our business, our partners, and customers appear on the horizon every day, so no two days are the same. Here are some things you can count on doing:

* Support execution of technical assessments for in-scope Third-Parties
* Provide requirements for evaluation, selection and implementation of tools & technologies to support monitoring and operational capabilities
* Identify and prioritize risks identified via activities of the team
* Drive risk-based decisions with the owning business and risk teams
* Perform on-going tracking, monitoring of progress, escalation and governance of identified issues on a periodic basis
* Partner with and influence strategic direction on third party risk management and monitoring capabilities within company and industry partners
* Collaborate and partner with key stakeholders to enhance and optimize the framework and methodology

Minimum Qualifications

Do you have what it takes to lead the way in cyber security?

* 10+ years of experience in Information Security or IT Risk organizations
* Third party security experience desired but not required
* One or more of the following certifications: CISSP, CISM, CRISC, CISA, CGEIT, COBIT, CEH or PCI
* Broad knowledge and demonstrated expertise in two or more of the following:
* Application Security (web & mobile)
* Third Party Risk Management
* Network and Infrastructure Security
* Cloud Security
* Data Protection controls (Cryptography, Data Loss Prevention, Access Controls, etc.)
* In-depth knowledge of Security and Control Frameworks such as NIST, ISO, Cloud Security, Alliance CCM, etc.
* A broad understanding of the terminology, core principles, IT controls and best practices across key risk domains, including risk assessment methodology, identity and access management, network and infrastructure security, application security, cloud security, data loss prevention, and incident management
* Capable of explaining technical concepts to a non-technical audience
* Track record of innovation, results and ability to affect change across functions
* Strategic thought leader, with experience in developing strategies and processes to deliver against the designed objectives.
* Ability to understand, analyze data and produce meaningful conclusions
* Ability to set priorities, resolve issues, provide guidance and secure engagement and commitment from teams
* Proven ability to drive change across a global organization to improve efficiencies
* Proven management and leadership experience
* Proven collaboration skills along with the ability to influence without authority
* Strong interpersonal, leadership and change management skills.
* Solid presentation and communication skills (written, graphical, quantitative, and verbal
* Exceptional ability to engage, educate, influence and collaborate across the enterprise
* Strong sense of personal accountability and ability to drive results
* Self-motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion.
* Proven excellent relationship management skills with all levels of the enterprise are required
* Ability to effectively collaborate across teams
* Ability to quickly come up to speed in any area, sufficient to speak with an informed opinion and create a credible impression with stakeholders
* Ability to identify gaps between ones skill set and the needs of the team.
* Ability to clearly present options and make compelling recommendations, using persuasion to gain agreement or pitch an idea
* Involving the right people to ensure the best decisions are made in a timely manner
* Ability to analyze complex information and identify the most relevant details.
* Being flexible and able to adjust to new needs and new technologies, and to be comfortable with ambiguity
* Educational Preference : Masters Degree or equivalent experience
* Current certifications in CISSP, CISM, CISA, CRISC, CGEIT, COBIT, CEH or PCI highly preferred

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.